Clusterlabs Pacemaker
7 CVEs affecting Clusterlabs Pacemaker. Latest disclosed: 2019-04-18. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-16877 | High | 8.8 | 2019-04-18 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this fla… |
CVE-2016-7035 | High | 8.8 | 2018-09-10 | An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pa… |
CVE-2016-7797 | High | 7.5 | 2017-03-24 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated con… |
CVE-2018-16878 | Medium | 6.2 | 2019-04-18 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS |
CVE-2019-3885 | Low | 3.3 | 2019-04-18 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system… |
CVE-2015-1867 | | 2015-08-12 | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | |
CVE-2013-0281 | | 2013-11-23 | Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the… |